IETF Logo Mail Archive

Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document

Adam Montville <adam.w.montville@gmail.com> Fri, 10 June 2016 11:24 UTC

Return-Path: <adam.w.montville@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D9E912D169 for <sacm@ietfa.amsl.com>; Fri, 10 Jun 2016 04:24:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iDO81xr5xjAK for <sacm@ietfa.amsl.com>; Fri, 10 Jun 2016 04:24:49 -0700 (PDT)
Received: from mail-oi0-x22f.google.com (mail-oi0-x22f.google.com [IPv6:2607:f8b0:4003:c06::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B2CC12D112 for <sacm@ietf.org>; Fri, 10 Jun 2016 04:24:49 -0700 (PDT)
Received: by mail-oi0-x22f.google.com with SMTP id p204so107321662oih.3 for <sacm@ietf.org>; Fri, 10 Jun 2016 04:24:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:from:in-reply-to:date:cc:message-id:references :to; bh=yPTh6CWXJBQwjKJ/a0yU6iURoIe2syOhOG0QKLBcB0U=; b=Ket93a/UI0V95pMXlSzHbDuFtnb6sgquSVPIFyy9WfDB02MWM54Habj5VALp0QIJrP bwrxorNhYaKdV8oRHDGJ/eZJcQsso3BwyFdGYhNsqFImRD+TDoMI8poGWdmw5XYpnEba 0L5byBq7ye0PodOiohWnKm9WoFi5QcnYn5nOXZE2/KZGlTlpydD/GpuMBOeFe4vPSEvG d0fr2uKfqVRml1dgJWHXLGkbRXCobygBJ+XHbvp2LX+SQojVYQXdJwqMn2cI3G/4Inkn tiw1fI2V4GJXovOylibwGJHm1vvCHEcjZ+rAKIa4M5Q5IS3h2yqahVWnzdlod3L72bJH Vu5w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:mime-version:from:in-reply-to:date:cc :message-id:references:to; bh=yPTh6CWXJBQwjKJ/a0yU6iURoIe2syOhOG0QKLBcB0U=; b=DFYYKYV47syfXWzChxGONZWo0RD9TfbSdtnJrQIMywgxZOy1OspFVba7iDrKmorne/ bk21rfeEBjP5simZaewM9Rx6TkFE6wXvwqDHACWGgKHwMFxwTQBaTVsxd4SlJ/hBgar2 yfVJsQeAI/NyqJw3BtCSE2rOtmT1bIFfK3fIODD5fY9cI7zz9lzCg85l2aZEdaO6KjW8 EoK1NapfsFWhrxtVVI6T8du7eGWHfHE+5VqAX53lejyGabPrvHG0F4yCDMB0ZtS/LntB K3IwCCa39Nr0Y5ikEZjoSW3owyyW5vCzXgtA+VsrWK0EP7+CY494GdUYDpEtzOKpzXOk dF7g==
X-Gm-Message-State: ALyK8tL94HeCDnnV+Sm2Nxni1mYhUkKRc+irzJ5N2KMTn+iQ4wEDzHRPP0awwNiGaAjTEA==
X-Received: by 10.157.27.46 with SMTP id l43mr661585otl.54.1465557888831; Fri, 10 Jun 2016 04:24:48 -0700 (PDT)
Received: from adams-mbp.attlocal.net (99-64-100-131.lightspeed.austtx.sbcglobal.net. [99.64.100.131]) by smtp.gmail.com with ESMTPSA id z89sm4944242ota.5.2016.06.10.04.24.47 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 10 Jun 2016 04:24:47 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: multipart/signed; boundary="Apple-Mail=_7BC531DE-076A-4585-9CFA-37F2EF675A6D"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.6b2
From: Adam Montville <adam.w.montville@gmail.com>
In-Reply-To: <db612b00-c11a-88c1-45da-35e0693305e9@ThreatGuard.com>
Date: Fri, 10 Jun 2016 06:24:46 -0500
Message-Id: <6062111F-9C39-4C7C-B008-F7E23FED40DE@gmail.com>
References: <17198AFF-DF5A-46BC-B84A-2AAF1717BD90@isoc.org> <EC234EFE-95AB-444B-8A5D-782ADBD60559@gmail.com> <1c99b26c-bdac-5798-1bd9-e957b11ae4bd@yaanatech.com> <db612b00-c11a-88c1-45da-35e0693305e9@ThreatGuard.com>
To: Gunnar Engelbach <gunnar.engelbach@threatguard.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/VopUELoBh4dbhVbkN9J0ajq7vYU>
Cc: "<sacm@ietf.org>" <sacm@ietf.org>, tony@yaanatech.com
Subject: Re: [sacm] Call for adoption of draft-coffin-sacm-nea-swid-patnc as a SACM WG document
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jun 2016 11:24:52 -0000

This seems like a fine approach.

As part of that third item, I’d like to get requirements from our own drafts as well, starting perhaps with the vulnerability scenario, but also considering our requirements and other drafts.



> On Jun 9, 2016, at 7:44 PM, Gunnar Engelbach <gunnar.engelbach@threatguard.com> wrote:
> 
> 
> 
> Hey Tony, funny thing that you should say that.  You seem to have a better awareness of the other efforts going on out there than I do, so I could use your help in identifying other good candidates and what will be necessary to support as many of them as possible.
> 
> What I'd really like to do is take a more formal approach -- gather some requirements and then see from among the existing efforts which is the best from among those that are good enough.  If any.
> 
> But first is a matter of setting the requirements.  Stated generally, I really only have three:
> 
>   1)  Is extensible -- as a fork outside of the current owner, if necessary, to be sure it continues to meet SACM needs without relying on the good graces of the current owner
> 
>   2)  Readily accessible (eg., spec is not cost prohibitive for any users)
> 
>   3)  The most complete (that is, closest to being able to represent the other tag types without loss of data or shoe-horning data into fields that weren't really meant for that type of data)
> 
> 
> I'm sure Charles, et al, will have other requirements, so feel free to chime in.  However, I think the simpler and more informal we can keep this list the quicker we can grind through it.
> 
> 
> --gun
> 
> 
> 
> 
> On 6/9/2016 2:33 PM, Tony Rutkowski wrote:
>> Hi Adam,
>> 
>> A good solution.  Charles and Gunnar should also engage
>> in some proactive outreach.  Simply stating that "no other
>> solutions to the problem of software identification have
>> been submitted" is preposterous when there are so many
>> out there.  IMHO, one of the long-standing problems with
>> SACM is its institutional and participatory insularity in an
>> arena where so many almost identical activities are occurring
>> in other venues where there is far greater industry participation.
>> Ignoring them diminishes the value of whatever SACM
>> accomplishes.
>> 
>> --tony
>> 
>> On 2016-06-09 3:47 PM, Adam Montville wrote:
>>> All:
>>> 
>>> After several on-list discussions, the last virtual interim, and the discussions surrounding this call for adoption, the chairs acknowledge that there are some key concerns with this draft, but also see that there is rough consensus for adoption.  We additionally note that no other solutions to the problem of software identification have been submitted to the working group [1].
>>> 
>>> Because the topic of software identification, and SWID in particular, appears to be a contentious one, we are designating Charles Schmidt and Gunnar Engelbach as editors of the working group draft [2].  We believe that Charles and Gunnar will bring the necessary balance to this draft, so that the key concerns are sufficiently addressed.
>>> 
>>> Kind regards,
>>> 
>>> Adam & Karen
>>> 
>>> [1] This draft adoption does not preclude future alternative submissions
>>> [2] Note that original authors will remain authors, but Charles and Gunnar will hold the pen.
>>> 
>>> 
>>>> On May 17, 2016, at 11:21 AM, Karen O'Donoghue <odonoghue@isoc.org <mailto:odonoghue@isoc.org>> wrote:
>>>> 
>>>> Folks,
>>>> 
>>>> As discussed during our last couple of meetings, this is the official call for adoption of  <https://datatracker.ietf.org/doc/draft-coffin-sacm-nea-swid-patnc/>https://datatracker.ietf.org/doc/draft-coffin-sacm-nea-swid-patnc/ <https://datatracker.ietf.org/doc/draft-coffin-sacm-nea-swid-patnc/> as a SACM working group document.
>>>> 
>>>> Please reply with any comments or concerns along your support of this action to the mailing list.
>>>> 
>>>> Thanks,
>>>> Karen and Adam
>>>> _______________________________________________
>>>> sacm mailing list
>>>> sacm@ietf.org <mailto:sacm@ietf.org>
>>>> https://www.ietf.org/mailman/listinfo/sacm <https://www.ietf.org/mailman/listinfo/sacm>
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> sacm mailing list
>>> sacm@ietf.org <mailto:sacm@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/sacm <https://www.ietf.org/mailman/listinfo/sacm>
>> 
>> 
>> 
>> _______________________________________________
>> sacm mailing list
>> sacm@ietf.org <mailto:sacm@ietf.org>
>> https://www.ietf.org/mailman/listinfo/sacm <https://www.ietf.org/mailman/listinfo/sacm>
>

v2.23.0 | Report a Bug | By Email